ACL bug - The groot user is gone

Moved from GitHub dgraph/5650

Posted by MichelDiz:

What version of Dgraph are you using?


Works fine in v1.1.0

Have you tried reproducing the issue with the latest release?

Master, but the master has breaking changes for now.

What is the hardware spec (RAM, OS)?

32GB, Darwin

Steps to reproduce the issue (command/config used to run Dgraph).

dgraph zero
dgraph alpha  -o 100 --acl_secret_file ./key

Test on v1.2.5

dgraph zero
dgraph alpha --acl_secret_file ./key
➜  ~ dgraph acl -a localhost:9080 mod -u groot --new_password
[Decoder]: Using assembly version of decoder

Running transaction with dgraph endpoint: localhost:9080
Current password for groot:
Unable to modify: unable to get dgo client: unable to login to the groot account: rpc error: code = Unknown desc = Authentication from address [::1]:56051 failed: unable to authenticate through password: user not found for id groot

Expected behaviour and actual result.

PS. I think it is definitely related to the SPAMMING logs in GraphQL tasks. Cuz I had to force the shutdown.

access_ee.go:402 Successfully upserted the groot account

We should be able to run the go test in GitHub - dgraph-io/dgo: Official Dgraph Go client

Apparently it is or related to something in GraphQL bg tasks. Because the first time there was a bug with GraphQL SPAMMING logs. And with that, the command “upserted the groot account” was ignored.

My second theory has to do with offset_port. When I didn’t use offset_port it started to work normally in versions that weren’t working. Then, once it works again, I disconnect the cluster and go back to offset_port = 100 to test again (I need to use 8180 in go tests). And the problem happens again.

The “workaround”

What is weird is that this workaround sometimes works, sometimes I have to wait hours to make it work or reboot the system.

1 - Downgrade Dgraph to v1.1.0

curl -sSf | VERSION=v1.1.0 bash
dgraph alpha --acl_secret_file ./enc_key_file --lru_mb 4000


Serving tablet for:
Done schema update predicate:"" value_type:STRING
Successfully upserted the groot account
 Login request from: [::1]:60757

then, kill it and upgrade to v20.03.0

curl -sSf | VERSION=v20.03.0 bash

Is there any update on this issue?

I am running master and it seems to not be addressed yet.
I do see a couple mentions of ACL:

alpha    | 2020-09-04T09:12:59.997033286Z I0904 09:12:59.996946      16 access_ee.go:373] ResetAcl closed                                                  
alpha    | 2020-09-04T09:12:59.997055692Z I0904 09:12:59.996962      16 access_ee.go:310] RefreshAcls closed 

However I was able to get ACL working on v20.03.5-rc1-18-gb3cede557

Is it only broken (or even deprecated) on master?